Infected Seagate Hard Drives – Chinese subcontractors blamed for trojan horses

Investigators say the tainted Maxtor portable hard disc, made by Seagate, uploads information saved on the computer automatically to Web sites in Beijing

Maxtor portable HDD

A shipment of Maxtor external HDDs, produced in Thailand by US-based Seagate and sold in Taiwan, has been found to be infected with Autorun trojans designed to gather sensitive data from machines connected to the storage devices. According to local reports, the Taiwanese government suspects Chinese involvement, as the devices are commonly used in government operations to provide data storage. Large amounts of sensitive government data are thought to have been harvested and passed on to web-sites based in China.

Following findings by the Investigation Bureau that portable hard discs produced by US hard drive manufacturer Seagate Technology that were sold in Taiwan contained Trojan horse viruses, further investigations suggested that “contamination” took place when the products were in the hands of Chinese subcontractors during the manufacturing process.

Maxtor Basics Personal Storage 3200


On Saturday, Seagate Technology LLC, the manufacturer of the Maxtor portable hard drive, said on its Web site (www.seagate.com) that Maxtor Basics Personal Storage 3200 hard drives sold after August could be infected with the virus.

Anti-virus software manufacturer Kaspersky Labs also issued a similar warning. The hard drive has been temporarily pulled off the shelves and is no longer available for purchase…

—————–
If your Maxtor Basics Personal Storage 3200 unit is infected or to ensure that your unit is clear from this virus, install the latest virus definition list for your anti-virus software. As of October 2, 2007, 28 of the 32 anti-virus software titles have updated their virus definition list to detect and clean this virus.

| Antivirus | Version | Last Update | Virus Name |
|---|---|---|---|
| AntiVir | 7.6.0.18 | 2007.10.01 | TR/Autorun.BK |
| Authentium | 4.93.8 | 2007.10.01 | (NOT UPDATED) |
| Avast | 4.7.1043.0 | 2007.10.01 | Win32:Autorun-U |
| AVG | 7.5.0.488 | 2007.10.01 | PSW.Generic4.TUP |
| BitDefender | 7.2 | 2007.10.02 | Win32.Worm.Autoruner.I |
| CAT-QuickHeal | 9.00 | 2007.10.01 | Worm.AutoRun.cn |
| ClamAV | 0.91.2 | 2007.10.02 | Trojan.Delf-1251 |
| DrWeb | 4.33 | 2007.10.01 | HLLW.Autoruner.175 |
| eSafe | 7.0.15.0 | 2007.10.01 | Virus.Win32.AutoRun. |
| eTrust-Vet | 31.2.5178 | 2007.10.01 | Win32/Rodvir!generic |
| Ewido | 4.0 | 2007.10.01 | (NOT UPDATED) |
| FileAdvisor | 1 | 2007.10.02 | (NOT UPDATED) |
| Fortinet | 3.11.0.0 | 2007.10.01 | OnLineGames.EO!tr.pws |
| F-Prot | 4.3.2.48 | 2007.10.01 | W32/Trojan.CDTB |
| F-Secure | 6.70.13030.0 | 2007.10.01 | Virus.Win32.AutoRun.ji |
| Ikarus | T3.1.1.12 | 2007.10.01 | Virus.Win32.AutoRun.bk |
| Kaspersky Lab | 7.0.0.125 | 2007.10.02 | Virus.Win32.AutoRun.ji |
| McAfee | 5131 | 2007.10.01 | PWS-LegMir |
| Microsoft | 1.2803 | 2007.10.02 | Worm:Win32/Rodvir.gen |
| NOD32v2 | 2563 | 2007.10.01 | PSW.OnLineGames.NBR |
| Norman | 5.80.02 | 2007.10.01 | W32/AutoRun.Z |
| Panda | 9.0.0.4 | 2007.10.01 | Trj/QQPass.AGZ |
| Prevx1 | V2 | 2007.10.02 | (NOT UPDATED) |
| Rising | 19.43.00.00 | 2007.10.01 | Trojan.Win32.Delf.ady |
| Sophos | 4.22.0 | 2007.10.01 | Mal/PWS-K |
| Sunbelt | 2.2.907.0 | 2007.10.02 | Win32.Worm.Autoruner.I |
| Symantec | 10 | 2007.10.01 | W32.Drom |
| TheHacker | 6.2.6.075 | 2007.10.01 | Trojan/Dropper.JI |
| VBA32 | 3.12.2.4 | 2007.10.01 | Virus.Win32.AutoRun.cn |

If you do not have any anti-virus software or if your anti-virus software hasn’t updated its virus definition list, then you can download and install this Kaspersky Lab Anti-Virus software application. Kaspersky Lab has provided Seagate customers a free 60-day fully-functional version of its Anti-Virus 7.0 software.
———————
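To check a new external drive for the Autorun mechanism the article describes without executing anything on it, the following added example (not from Seagate, Kaspersky or the original article) parses the text of an autorun.inf file and lists the programs it would launch. The sample file, the file names in it and the hidden_files parameter are constructed assumptions.

```python
import ntpath

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program

def launch_entries(inf_text):
    """Return (key, command) pairs from [autorun] that start a program."""
    entries, section = [], None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # Junk lines without '=' are common padding in malicious files; skip them.
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            entries.append((key, value))
    return entries

def target_file(command):
    """First token of the command: the file on the drive that would run."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""

def review(inf_text, hidden_files=()):
    """Launch entries with their target; 'hidden' marks targets hidden on the volume."""
    hidden = {h.lower() for h in hidden_files}
    return [{"key": k, "target": target_file(c),
             "hidden": ntpath.basename(target_file(c)).lower() in hidden}
            for k, c in launch_entries(inf_text)]

# Constructed sample, not taken from the infected drives.
SAMPLE_INF = """\
[AutoRun]
kjdfh8723hkjsd
open = setup_helper.exe /s
shell\\open\\command="tools\\viewer.exe" %1
icon=drive.ico
"""

if __name__ == "__main__":
    print(review(SAMPLE_INF, hidden_files=["setup_helper.exe"]))
```

Read the file from a machine that will not auto-run the volume, and pass the names of hidden or system files found in the drive's root as hidden_files.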

Full story: TaipeiTimes.com

Seagate official release: Seagate.com


14 Comments

  1. Budda Magoo
    Posted November 20, 2007 at 4:34 pm |

    This is great that we’re being made aware of this, but someone should pressure Walmart, Staples, Best Buy, and Officemax to inform all the consumers who bought this unit from them.

  2. Smarterthanyou
    Posted November 21, 2007 at 12:10 am |

    “A shipment of Maxtor external HDDs [...] sold in Taiwan, has been found to be infected”.

    Mr Magoo, I don’t think you are referring to the Taiwanese branches of these companies.

    This was a spook move by China against Taiwan, and quite an effective one it seems. Well done them, and more fool any Govt who doesn’t roll their own SAN for storage.

  3. greg
    Posted November 21, 2007 at 1:09 am |

    Does anyone know the URL of either the Seagate or the Kaspersky announcement?
    I cannot find either, leaving me wondering about the truth of this story. Reading the whole article on taipeitimes.com, the only quote I can find is attributed to an unnamed Seagate spokesperson:

    “This scenario seems unlikely because the 3200 does not have any software preloaded on the drive so there is not an opportunity for a virus to be loaded. Yes, the drive is formatted, but I have never heard of a virus that lives in the master boot record.”

    which certainly doesn’t sound like a confirmation of the story.

  4. jim golo
    Posted November 21, 2007 at 1:36 am |

    Don’t people realize by now not to buy *anything* that was made in China? It will either kill you (or your pets or children) or steal your personal data. Sheesh….

  5. J
    Posted November 24, 2007 at 9:40 pm |

    Actually it’s a simple and an effective way of making money by killing or ruining someone else’s background.
    Chinese Government knows that there are people with innovative ideas and creativity. It’s a simple method to steal via Trojans.
    Crash someone’s computer, in effect putting him or her out of commission.
    I think it would be prudent, in formatting a hard drive, to use an unused internal hard drive and an external hard drive, rather than using a preformatted hard drive.

  6. J
    Posted November 24, 2007 at 10:10 pm |

    Oops, I mean, an internal hard drive and a hard drive enclosure: FireWire, eSATA or USB, doesn’t matter which one. I would go for 500GB or 750GB, to store or back up your data.

  7. ftr
    Posted November 25, 2007 at 8:01 pm |

    Whenever I buy a new drive I ALWAYS, ALWAYS format it first.

  8. ost
    Posted November 25, 2007 at 10:07 pm |

    This isn’t only happening in China. Other portable drives are doing the same thing. I found this website that lists infected drives. Like ftr said, ALWAYS FORMAT FIRST!!, but either way check this list of infected USBs and external hard drives.
    http://www.quazen.com/Science/Biology/The-Genetic-Code.53412

  9. Posted November 26, 2007 at 5:43 am |

    These are auto-run scripts embedded into a partition of the hard drive. Unless you disable any auto-runs from your USB terminals every time you connect one, it will have stored and sent the information even before you can right-click and manage your computer.

  10. Posted November 26, 2007 at 5:45 am |

    @ost, that Quazen blog has nothing to do with this topic.

  11. Posted November 26, 2007 at 10:11 am |

    This story is false.
    It is a lie.
    And it is a poorly constructed lie.

    There is no information to corroborate with the statements made in this story. Let me break it down to you:

    1. “On Saturday, Seagate Technology LLC, the manufacturer of the Maxtor portable hard drive, said on its Web site (www.seagate.com) that Maxtor Basics Personal Storage 3200 hard drives sold after August could be infected with the virus.”
    a. Why didn’t you link to the statement? You seem to have just linked to the site. Someone honestly trying to pass along information usually just makes a direct citation to the site.
    b. To answer my own question, I’ll tell you why: The statement doesn’t exist. This piece was published on the 12th of Nov. – the “statement” happened “this Saturday” (what tech company makes statements on a Saturday. seriously, man. you think they’d do that at an expo?). “Saturday” makes this Nov. 10.
    i. Let’s take a look at the site together. ( http://seagate.com/www/en-us/about/news_room/press_releases/ )
    ii. Oh, there doesn’t appear to have been a press release on the 10th. Reading through the ones around the date, nay; In the Entire Month Of November – provides no evidence to support this, either.
    c. Nice effort, though.

    2. “Anti-virus software manufacturer Kaspersky Labs also issued a similar warning. The hard drive has been temporarily pulled off the shelves and is no longer available for purchase…”
    a. Way to provide a link to that “similar warning”. I’ve got an idea, let’s search Kaspersky’s site.
    i. Oh hey. Not a single thing.

    3. Maybe it can be supported somewhere else (or, “Hello, Lin Ching-lin.”)
    a. Hey. I wonder if we can pull up any other information about this problem. Let’s look at Google. Hey, look’it. All the blog posts in reference to it link back to Lin Ching-lin. It appears that only he is aware of this problem.
    b. Care to provide a little more proficient skill in citing your sources Lin Ching-lin?
    c. Put his name into Google News. Hey, it’s all the stories picked up. Check out the blog trackers. You’ll see that this is a pretty strained story… all linking back to one poorly cited story that, when the sources were checked for the content – were bereft.

    4. This took all of 2 minutes to check. Maybe it’s the mouse gestures, maybe it’s middle-click-for-new-tab – but something that may have an effect on your data should be important enough to check out. Especially with implications this epic.
    a. Would some upstanding technical outfit please hire a well-worded culture fiend that researches like that? Yes, there is such a thing as that level of depravity.

    5. With apologies to Lin Ching-lin.

  12. Laptop Adviser
    Posted November 26, 2007 at 12:34 pm |

    2 AphexMandelbrot
    Thank you! Very interesting information.

  13. AphexMandelbrot
    Posted November 26, 2007 at 10:29 pm |

    Retracted – seagate.com

    Found it. I’m just saying, could you cite where you’re getting this from in the future?

  14. Laptop Adviser
    Posted November 27, 2007 at 12:17 am |

    I’m just saying, could you cite where you’re getting this from in the future?

    Ok.

    Source: seagate.com

    If you have purchased a Maxtor Basics Personal Storage 3200 product since August 2007 the product may be infected with a virus. Kaspersky Labs, a maker of anti-virus software, has alerted Seagate to the existence of a virus found on at least one Maxtor Basics Personal Storage 3200 product. Seagate has traced this issue to a small number of units produced by a Maxtor sub-contract manufacturer located in China. Seagate quickly put a stop ship to units leaving the facility as soon as the company learned of the probable infection. All units now leaving the facility in question have been cleared of the virus and units in inventory are being reworked before being released for sale. However, some affected units may have been sold to the public before the problem was detected. Seagate apologizes for the inconvenience that has been caused as a result of this incident.

    To determine if the Maxtor Basics Personal Storage 3200 drive you have may be infected, or if you have any questions about this virus, please call Seagate customer support. Please have the serial number of your Maxtor Basics Personal Storage 3200 drive ready when you call. See link at the bottom of this page for a list of Seagate customer support phone numbers.